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DETAILED ACTION 

Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U S C. 1 02 that form the 

basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 35 1(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

2. Claims 1-18,22-40,42-45,47-49 are rejected under 35 U.S.C. 102(e) as being unpatentable 
by Stolfo et al (US 2004/0002903). 

As per claims 1,24,32,40 Stolfo disclosed a method for allowing proxies in an integrated Identity 
System and Access System, comprising the steps of receiving from a user of the Integrated 
System and Access System a request for the user to be a proxy for an administrator of the 
integrated Identity System and Access System (Page. 4, Paragraph. 0042-0043); associating said 
user with one or more credentials of said administrator without authenticating said user as said 
administrator; and allowing said user to use said Identity System as said administrator based on 
said one or more credentials of said administrator (Page. 4, Paragraph. 0047). And allowing said 
user to use said Access System to access resources based on one or more credentials of said user 
but not one or more credentials of said administrator. 

3. As per claim 2 Stolfo disclosed wherein said step of receiving a request includes the steps 
of: providing a notification to said user of an ability to be said proxy for administrator; and 
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receiving a request from said user to be said proxy for said administrator (Page. 5, Paragraph. 
0051). 

4. As per claim 3 Stolfo disclosed wherein: said notification includes an email (Page. 17, 
Paragraph. 0196). 

5. As per claim 4 Stolfo disclosed wherein: said notification includes a display page for said 
Identity System (Page. 18, Paragraph. 0210). 

6. As per claim 5 Stolfo disclosed wherein said step of receiving a request includes the step 
of receiving an indication from said administrator that said user can be said proxy for said 
administrator (Page. 15, Paragraph. 0180). 

7. As per claim 6 Stolfo disclosed wherein said step of receiving a request includes the steps 
of providing a list of potential proxy candidates; providing a search mechanism to add more 
candidates to said list of potential proxy candidates (Page. 7, Paragraph. 0071); and receiving a 
selection of one or more of said potential proxy candidates, including a selection of said user 
(Page. 18, Paragraph. 0204). 

8. As per claim 7 Stolfo disclosed wherein: said credentials of said administrator include a 
distinguished name for said administrator (Page. 8, Paragraph. 0084). 
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9. As per claims 8,25,33 Stolfo disclosed wherein: said credentials of said administrator 
include identity profile attributes for said administrator (Page. 1, Paragraph. 0004). 

10. As per claims 9,26,34 Stolfo disclosed wherein: said step of associating includes storing 
an identification of said administrator in a data element used to identify said user (Page. 4, 
paragraph 0042). 

11. As per claims 10 Stolfo disclosed wherein: said step of associating includes storing an 
identification of said administrator in a cookie for said user (Page. 18, Paragraph. 0207). 

12. As per claim 1 1 Stolfo disclosed wherein: said step of associating includes using an 
identification of said administrator to identify said user (Page. 10, paragraph. 0096). 

13. As per claims 12,27 Stolfo disclosed wherein said step of associating includes the steps 
of accessing an Identity System cookie for said user, said Identity System cookie stores an 
identification of said user (Page. 18, paragraph. 0207); storing said identification of said user 
from said step of accessing in a second cookie; and storing an identification of said administrator 
in said an Identity System cookie for said user (Page. 5, paragraph. 0051). 

14. As per claims 13,42,47 Stolfo disclosed further comprising the steps of receiving a 
request to terminate said user being a proxy for said administrator; accessing said identification 



Application/Control Number: 09/998,916 Page 5 

Art Unit: 2145 

of said user in said second cookie; and storing said identification of said user in said Identity 
System cookie for said user (Page. 18, Paragraph, 0207). 

15. As per claim 14 Stolfo disclosed further comprising the steps of receiving a request from 
said user to access said Identity System; determining whether said Identity System cookie for 
said user exists; providing access to said Identity System for said (Page. 18, Paragraph. 0207). 
User if said Identity System cookie for said user exists; and authenticating said user and creating 
said Identity System cookie if said Identity System cookie for said user does not exist prior to 
said step of determining, said step of creating includes adding said identification of said user to 
said Identity System cookie (Page. 19, Paragraph. 213). 

16. As per claims 15,28,36,43,48 Stolfo disclosed wherein said step of allowing includes the 
steps of receiving a request from said user to access a service in said Identity System; accessing 
said identification of said administrator in said Identity System cookie (Page. 1 8, Paragraph. 
0207); accessing attributes for said administrator based on said identification of said 
administrator in said Identity System cookie; and providing access to said service in said Identity 
System based on said attributes for said administrator (Page. 18, Paragraph. 0209). 

17. As per claims 16,29,37,44,49 Stolfo disclosed wherein: said steps of receiving, 
associating and allowing are performed without said user providing a password for said 
administrator (Page. 12, Paragraph. 0125). 
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18. As per claim 17 Stolfo disclosed wherein: said step of associating verifies that said 
administrator is a delegated administrator having a right to be proxied (Page. 10, Paragraph. 
0101). 

19. As per claim 18 Stolfo disclosed further comprising the step of: delegating a right to be 
proxied to said administrator, said step of associating verifies that said administrator has said 
right to be proxied (Page. 10, Paragraphed. 0101). 

23. As per claims 22,30,38 Stolfo disclosed wherein: said Identity System is part of an 
integrated Identity System and Access System; and said steps of associating and allowing 
provide for said user to be said proxy for said administrator in said Identity System but does not 
provide for said user to be said proxy for said administrator in said Access System (Page. 18, 
Paragraph. 0209). 

24. As per claims 23,3 1 ,39 Stolfo disclosed wherein: said Identity System is part of an 
integrated Identity System and Access System; said step of associating includes the steps of 
accessing an Identity System cookie for said user, said Identity System cookie stores an 
identification of said user, and storing an identification of said administrator in said an Identity 
System cookie for said user (Page. 18, Paragraph. 0209); said Access System uses an Access 
System cookie for said user, said Identity System cookie is separate from said Access System 
cookie; and said Access System cookie for said user does not store an indication of said 
administrator (Page. 1 1, Paragraph. 01 14). 
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25. As per claim 35 Stolfo disclosed wherein: said step of associating include, the steps of: 
accessing an Identity System cookie for said user, said Identity System cookie stores an 
identification of said user, storing said identification of said user from said step of accessing in a 
second cookie (Page. 18, Paragraph. 0207), and storing an identification of said administrator in 
said an Identity System cookie for said user; and said method further comprises the steps of: 
receiving a request to terminate said user being a proxy for said administrator; accessing said 
identification of said user in said second cookie, and storing said identification of said user in 
said Identity System cookie for said user (Page. 18, Paragraph. 209). 

26. As per claim 45 Stolfo disclosed One or more processor readable storage devices having 
processor readable code embodied on said processor readable storage devices, said processor 
readable code for programming one: or more processors to perform a method comprising the 
steps of: receiving an indication that a user can be a proxy for a administrator, said indication is 
from said administrator; receiving an indication from said user to become said proxy for said 
administrator (Page. 5, Paragraph. 0056); associating said user with one or more credentials of 
said administrator without authenticating said user as said administrator; and allowing said user 
to use said system as said administrator based on said one or more credentials of said 
administrator (Page. 13, Paragraph. 0141). 
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Applicant's arguments filed 06/21/2005 have been fully considered but they are not persuasive. 
Response to applicant's argument as follows. 

27. Applicant argued that prior art did not disclose, "associating a user with credentials of 
administrator and allowing the user to access a system as the administrator and prior art did not 
disclose the Identity system". 

As to applicant's argument Stoflo disclosed, "Alternatively, deliver to a physical address, which 
may not secure said information of the first party to be revealed at the physical facility. 
Alternatively, delivery to a physical address, which may not secure said information of the first 
party, designated by the first party may be provided for by delivering first to first physical 
address (e.g., a depot), without revealing the private and personal information of the first party to 
the second party and unauthorized parties, and then trans-shipping to a second or last physical 
address designated by the first party but not revealed to the second party. Also Stoflo disclosed, " 
all communications from the first part appear to others to be from a party with an identity of the 
transaction identifier. Only the party providing the first party with the transaction identity. Where 
a purchase is involved, the bank or credit clearing entity stores information Unking the true 
identity of the user and the transaction identity (Page. 5, Paragraph. 0051). Stoflo also disclosed 
when a. user browses through the proxy system. The proxy system acts as a portal to web sites. 
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Alternatively, if the use is currently visiting the second part vendor's Web Page independently of 
the proxy system and the user wants to now shop privately, the user accesses the proxy system, 
and the second party vendor's Web Page cached on the user's PC then appears in the proxy 
system's window, etc. (Page. 12, Paragraph. 0128). One ordinary skill in the art at the time of the 
invention knows that transfer of information is between the one part who makes a request and the 
other end of the part who process the request by changing the names of each end doesn't hold 
different help narrowing down the claims. 

Conclusion 



28. Any inquiry concerning this communication or earlier communication from the examiner 
should be directed to Adnan Mirza whose telephone number is (571)-272-3885. 

29. The examiner can normally be reached on Monday to Friday during normal business 
hours. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jason Cardone can be reached on (571)-272-3933. The fax for this group is (703)- 
746-7239. The fax phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

30. Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
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may be obtained from either Private PAIR or Public PAIR. Status information for un published 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov . Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at (866)-2 17-9 197 (toll-free). 



Adnan Mirza 



Examiner 



^ JASON CARDONE 
SUPERVISORY PATENT EXAMINER 




